While there are current safety features embedded in certain implantable medical devices, they do not address the possibility of security vulnerabilities in the device itself that may expose patients to life threatening attack scenarios. Even in devices where a life threatening attack is not possible, patient data exposure and privacy violation possibilities exist.
Combining traditional information security disciplines, such as source code review, penetration testing, and application security assessment together with a deep knowledge of the medical device industry, Critical Assets can help implementers of new technology understand the risk associated with it as it is implemented in their environment. Similarly, we can take those risk scenarios and validate our assumptions by assessing the security of the devices in question. With so many new vendor products that have advanced communication capabilities, it is imperative to understand the security of their continuous operation.
We have assessment methodologies to measure and improve the security of:
- Implantable devices, such as insulin pumps and cardiac devices.
- In-facility and portable diagnostic equipment.
- Imaging devices and stoage.